8dc0e467bf
CVE-2013-3368
CVE-2013-3369
CVE-2013-3370
CVE-2013-3371
CVE-2013-3372
CVE-2013-3373
CVE-2013-3374
It also includes a database upgrade, so please make sure to run `make
upgrade-database`.
Changes in detail are:
3.8.15->3.8.16:
ruz stop RT from locking on "large" mails
ruz make sure data is recorded (tests)
alexmv Remove bogus argument to ->get(), which fail on HTTP::Message >= 5.05
alexmv Ensure that tickets are destroyed before global destruction, in more
alexmv Work around a bug in perl < 5.13.10 with open($fh, ">:raw", \$string)
sunnavy destroy more tickets and objects before global destruction for modern
tsibley Remove the "signature" paragraph from the README's explanation of RT
3.8.16->3.8.17:
alexmv Ensure that filenames in inline image attributes are HTML-escaped
alexmv Deny direct access to callbacks
alexmv Protect calls to $m->comp with user input in ColumnMap
alexmv Ensure that subjects cannot contain embedded newlines
alexmv Remove filename= suggesions from Content-Disposition lines
alexmv Ensure consistent escaping of filenames in attachment URIs
alexmv Ensure that URLs placed in HTML attributes are escaped correctly, to
prevent XSS injection
alexmv Ensure that the default replacement does not pass through unescaped
content
alexmv Use File::Temp for non-predictable temporary filenames
|
||
|---|---|---|
| .. | ||
| patches | ||
| DESCR | ||
| dirs.mk | ||
| distinfo | ||
| Makefile | ||
| Makefile.install | ||
| MESSAGE | ||
| options.mk | ||
| PLIST | ||